2.2 billion Facebook users must log out, re-login across devices to prevent their accounts being hacked

New Delhi: After Facebook admitted that hackers broke into nearly 50 million users’ accounts by stealing their “access tokens” or digital keys, cyber experts on Saturday warned over 2.3 billion users to log out and log back into Facebook, or any of third-party apps that use Facebook login.

Facebook has reset the access tokens of almost 50 million accounts it knew were affected. It has also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to “View As” look-up in the last year.

“For now, logging out and back in is all that is necessary. The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms,” Chester Wisniewski, Principal Research Scientist with global cybersecurity major Sophos, told IANS.

According to Dr Gary McGraw, Vice President of Security Technology, Synopsys (Software Integrity Group), this breach emphasises just how important software security is, and how subtle solid security engineering can be.

“When a feature like ‘View As’ can be turned on its head into an exploit, it indicates a design problem that led to an unanticipated security vulnerability,” noted Dr McGraw.

“Design flaws like this lurk in the mind-boggling complexity of today’s commercial systems, and must be systematically uncovered and corrected when software is being designed and built,” he added.

If you’ve ever wondered what keeps you logged into your account even after you restart your laptop/browser – those are access tokens (cookies). They maintain a constant session even when your IP changes.

“In this case, hackers were able to steal these tokens, which basically means the hacker could fool Facebook servers to believe they are the authorised users of the target’s account that would give the attacker, complete access of the target’s account,” said Saket Modi, CEO and Co-Founder of Lucideus, an IT risk assessment and digital security services provider.

According to experts, they don’t know for how long the vulnerability existed, who the hackers were and the extent of damage that might have been caused in terms of stealing not only one’s profile data but, in this case, potentially the personal messages, pictures and chats, among others.

“As a precaution, all Facebook users must log out and re-login into all the gadgets that they have their Facebook session active like your cell phone (app or browser), laptop and desktop, etc,” Modi advised.

Facebook said it does not know who is behind this massive security attack.

“We’re working hard to better understand these details and “we will update this post when we have more information, or if the facts change,” said the company.

In the Cambridge Analytica scandal, data of nearly 87 million people was breached upon.

Source: IANS

Facebook-owned Whatsapp testing feature to detect fake news, suspicious links and spam

Amid the pressure to curb fake news spread over its popular chatting platform, Facebook-owned Whatsapp is in a process of testing a new feature. The company is moving with the idea of adding a ‘Suspicious Link Detection’ feature. The feature aims to help its users to know whether the website links which they are receiving are from legitimate sources or not.

This feature is seen as a major tool to know and understand fake news and stop its spread. The feature is a part of the company’s efforts to make the app safer and to stop it becoming a tool of anti-social elements.

According to WABetaInfo, Whatsapp has submitted the new update through the Google Play Beta Program. However, the feature is not available for use as of now, as it is in the testing stage.

In the promising feature, the Whatsapp will do a background check of every link being shared on the platform in order to verify whether the information is true. If not, a ‘Suspicious Link’ flag will pop up against the link. If a user decides to ignore the flag and still proceeds to open the link, Whatsapp will again throw up an alert asking the user if they want to proceed or go back. If the user wants to proceed with opening the link, he can tap on the ‘Open Link’ option. And if he doesn’t want to, then he can tap on ‘Go Back’.

According to WABetaInfo post, every time WhatsApp analyses a link, it will do it locally without sending any data packets to its servers. However, there is no word from the company on when this feature being made official.

Meanwhile, the company has also been working on a feature that labels forwarded messages.

Recently, the Ministry of Electronics and Information Technology has taken serious note of these irresponsible messages and their circulation in such platforms. The government has asked WhatsApp to take immediate action to end the menace of spreading messages that impact the country’s law and order situation and ensure that the platform is not used for such malafide activities.

“Instances of the lynching of innocent people have been noticed recently because of a large number of irresponsible and explosive messages filled with rumours and provocation are being circulated on WhatsApp. The unfortunate killing in many states such as Assam, Maharashtra, Karnataka, Tripura and west Bengals are deeply painful and regrettable,” the statement from the IT Ministry had said.

Source: Financial Express